Security News > 2020 > September > Unprotected Server Leaks Data of Microsoft Bing Mobile App Users
WizCase experts have identified an unprotected Elasticsearch server that contained terabytes of data pertaining to users of Microsoft's Bing mobile application.
White hat hacker Ata Hakcil, who identified the leak, was able to confirm that the Elasticsearch server belonged to Microsoft's Bing mobile app by installing the application and running a search for WizCase.
The exposed server was designed to log data related to the Android and iOS Bing mobile applications.
"Based on the sheer amount of data, it is safe to speculate that anyone who has made a Bing search with the mobile app while the server has been exposed is at risk. We saw records of people searching from more than 70 countries," the experts say.
Responding to a SecurityWeek inquiry, a Microsoft spokesperson confirmed the incident: "We've fixed a misconfiguration that caused a small amount of search query data to be exposed. After analysis, we've determined that the exposed data was limited and de-identified."
News URL
Related news
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)